<?php
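// Gate 1: only an authenticated session may reach this page.
session_start();
if (!isset($_SESSION['login'])) {
	header("Location:login.php");
	exit;
}

// require_once instead of include_once: both libraries are security-relevant,
// so a missing file must stop the request instead of raising only a warning.
// Presumably libs/db.php opens the database link; without one, ext/mysql's
// mysql_query() tries to open a default connection on its own.
require_once('libs/db.php');
require_once('libs/access_control.php');

// Gate 2: authorization. access_control() is defined in libs/access_control.php
// (not visible here); the meaning of level 1 should be confirmed there.
if (!access_control(1)) {
	header("Location:index.php");
	exit;
}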

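// Password reset ("blanquear clave"): sets the user's password back to a value
// derived from the login name and clears update_st.
// NOTE(review): no anti-CSRF token is checked before this state change; the
// forms on this page do not send one.
if (isset($_POST['btnBlanquear'])) {
	if (!isset($str_error)) {
		$str_error = '';
	}

	// The login arrives in the hidden 'user' field; accept only a non-empty string.
	$reset_login = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
	// Escape before embedding in SQL: the original concatenated $_POST['user']
	// directly into the statement (SQL injection). mysql_real_escape_string()
	// returns false when no usable connection exists.
	$reset_login_sql = ($reset_login !== '') ? @mysql_real_escape_string($reset_login) : false;

	if ($reset_login_sql === false) {
		$str_error .= "<br />Error al blanquear clave.";
	} else {
		// NOTE(review): the new password is the unsalted MD5 of the login name, so
		// it is predictable to anyone who knows the login. Left unchanged because
		// the code that verifies `pass` is not visible here; moving to
		// password_hash()/password_verify() with a random temporary password has
		// to be done together with that code.
		$query = "UPDATE users SET update_st = 0 , pass = '".md5($reset_login)."'
				  WHERE login = '".$reset_login_sql."'";
		if (!@mysql_query($query)) {
			$str_error .= "<br />Error al blanquear clave.";
		}
	}
}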
	
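// Create/modify handler: inserts the user when no row with update_st = 0 exists
// for the login, otherwise updates the existing row, then triggers a search so
// the form is re-populated with the stored values.
// NOTE(review): no anti-CSRF token is checked before this state change; the
// forms on this page do not send one.
if (isset($_POST['btn'])) {
	if (!isset($str_error)) {
		$str_error = '';
	}

	// Read every field once, accept strings only, and escape each value before it
	// is embedded in SQL. The original interpolated $_POST directly into all
	// three statements (SQL injection).
	// NOTE(review): if magic_quotes_gpc is enabled on this host, its slashes must
	// be stripped first to avoid double escaping. The durable fix is prepared
	// statements via mysqli/PDO, since ext/mysql is removed in PHP 7.
	$abm_raw = array();
	$abm_sql = array();
	$abm_escaped_ok = true;
	foreach (array('user', 'txt_apellido', 'txt_nombre', 'txt_libro') as $abm_field) {
		$abm_raw[$abm_field] = (isset($_POST[$abm_field]) && is_string($_POST[$abm_field]))
			? $_POST[$abm_field]
			: '';
		$abm_sql[$abm_field] = @mysql_real_escape_string($abm_raw[$abm_field]);
		if ($abm_sql[$abm_field] === false) {
			$abm_escaped_ok = false;
		}
	}

	// An empty login or a failed escape is treated like a failed lookup.
	$result = false;
	if ($abm_escaped_ok && $abm_raw['user'] !== '') {
		$query = "SELECT *
		          FROM users
		          WHERE login = '".$abm_sql['user']."' AND users.update_st = 0;";
		$result = @mysql_query($query);
	}

	if ($result === false) {
		// The original fell through to an INSERT when the SELECT itself failed,
		// because mysql_num_rows(false) compares equal to 0.
		$str_error .= "<br />Error al grabar usuario. Reintente por favor.";
	} else {
		if (@mysql_num_rows($result) === 0) {
			// NOTE(review): positional INSERT without a column list; the column order
			// of `users` is not visible here. The initial password is the unsalted
			// MD5 of the login name (predictable) and is kept only for compatibility
			// with the login code, which is not visible here.
			$query = "INSERT INTO users VALUES ('".$abm_sql['user']."','".md5($abm_raw['user'])."','".$abm_sql['txt_apellido']."',
					  '".$abm_sql['txt_nombre']."',
					  '".$abm_sql['txt_libro']."',
					  NOW(),
					  0, NOW())";
		} else {
			$query = "UPDATE users SET
						apellido = '".$abm_sql['txt_apellido']."',
						nombre = '".$abm_sql['txt_nombre']."',
						id_libro = '".$abm_sql['txt_libro']."',
						update_ts = NOW()
					  WHERE login = '".$abm_sql['user']."'";
		}
		if (!@mysql_query($query)) {
			$str_error .= "<br />Error al grabar usuario. Reintente por favor.";
		}
	}

	// Hand over to the search handler so the saved record is shown again.
	$_POST['txt_user'] = $abm_raw['user'];
	$_POST['btn_search'] = true;
}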


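// Search handler: loads the user row for the requested login into $result,
// which the form further down reads to pre-fill its fields.
if (isset($_POST['btn_search'])) {
	if (!isset($str_error)) {
		$str_error = '';
	}

	// Accept a string only and escape it before it is embedded in SQL; the
	// original concatenated $_POST['txt_user'] directly (SQL injection).
	$search_login = (isset($_POST['txt_user']) && is_string($_POST['txt_user'])) ? $_POST['txt_user'] : '';
	$search_login_sql = @mysql_real_escape_string($search_login);

	$result = false;
	if ($search_login_sql !== false) {
		$query = "SELECT *
		          FROM users
		          WHERE login = '".$search_login_sql."' AND users.update_st = 0;";
		$result = @mysql_query($query);
	}

	// As in the original, a failed query is reported the same way as "no rows".
	if ($result === false || @mysql_num_rows($result) == 0) {
		$str_error .= "<br />NO existe el usuario buscado.";
	}
}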

?>
<html>
<head>
<script src='javascript\utils.js'></script>
<script src='javascript\abm_users.js'></script>
<LINK href="common.css" rel="stylesheet" type="text/css">
</head>

<?php include_once('htx/header.php');?>

<form id='form_user' method=POST action='abm_users.php' >
<div align=center style='top:100px' >
<fieldset id='fieldset' >
<legend>ABM de usuarios</legend><br />
<table id='tbl' align=center cellpadding='5' cellspacing='5'>
<tr>
	<th>Usuario: </th>
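	<th><input type='text' name='txt_user' id='txt_user' value='<?php
		/* The posted value is echoed into a single-quoted attribute, so it is
		   HTML-escaped with ENT_QUOTES; the original echoed it raw (reflected XSS).
		   ISO-8859-1 makes the escaping byte-wise, so it never blanks the value on
		   a charset mismatch; pass the page charset here once one is declared. */
		if (isset($_POST['txt_user']) && is_string($_POST['txt_user'])) { echo htmlspecialchars($_POST['txt_user'], ENT_QUOTES, 'ISO-8859-1'); }
	?>' maxlength='30' size='20' ></th>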
	<th><button name='btn_search' class='button' onclick='this.form.submit()'><img src='images/user.png' align=center /> Buscar</button></th>
</tr>
</table>
</form>
<form id='form_data' method=POST action='abm_users.php' onSubmit='javascript:return false;'>
<table id='tbl' align=center cellpadding='5' cellspacing='5'>
<?php 
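// Pre-fill the data form from the row found by the search handler. $result is
// only assigned when a search or save ran, so it may be undefined here.
$row = isset($result) ? @mysql_fetch_assoc($result) : false;

// Database values are HTML-escaped before they are written into single-quoted
// attributes; the original echoed them raw, so a stored name containing a quote
// or markup would be interpreted by the browser (stored XSS).
// ISO-8859-1 makes the escaping byte-wise, so a value is never blanked on a
// charset mismatch; pass the page charset here once one is declared.
$abm_form = array('apellido' => '', 'nombre' => '', 'id_libro' => '');
if (is_array($row)) {
	foreach (array_keys($abm_form) as $abm_col) {
		if (isset($row[$abm_col])) {
			$abm_form[$abm_col] = htmlspecialchars((string) $row[$abm_col], ENT_QUOTES, 'ISO-8859-1');
		}
	}
}

echo "<tr>";
echo "<th>Apellido</th>";
echo "<th><input type='text' name='txt_apellido' id='txt_apellido' value='".$abm_form['apellido']."' maxlength='50' size='30' ></th>";
echo "</tr>";
echo "<tr>";
echo "<th>Nombre</th>";
echo "<th><input type='text' name='txt_nombre' id='txt_nombre' value='".$abm_form['nombre']."' maxlength='50' size='30' ></th>";
echo "</tr>";
echo "<tr>";
echo "<th>Libro en el cual registra(0-Ninguno)</th>";
echo "<th><input type='text' name='txt_libro' id='txt_libro' value='".$abm_form['id_libro']."' maxlength='2' size='3' ></th>";
echo "</tr>";
echo "<tr>";
echo "<th colspan=2 ><button name='btn' class='button' onclick='javascript:check_information();' ><img src='images/user_32.png' align=center /> Crear/Modificar Usuario</button></th>";
echo "<th colspan=2 ><button name='btnBlanquear' class='button' onclick='javascript:check_information();' ><img src='images/password_32.png' align=center />Blanquear Clave</button></th>";
echo "</tr>";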
?>
</table></fieldset>
<input type='hidden' name='user' id='user' />
</form>
</body>
</html>	